Security Header X-Content-Type-Options and Prismic Previews

daf · November 20, 2021, 6:32pm

Hi there,

I have the exact issue as this topic noted below, and I was wondering if there have been any updates recently as the thread has been quiet since May.

I need to use the security header below in NextJS 12, with previews. Unfortunately, it is not working and resulting in the response noted again below.

  {
    key: 'X-Content-Type-Options',
    value: 'nosniff'
  },

Response

<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; url={response-url}/>
    <script>window.location.href = {response-url}</script>
    </head>

Is there a workaround, I haven't yet migrated from the NPM module prismic-javascript > @prismicio/client. This is something I intend on doing over the next week or so.

Would this have an impact on this issue? or is this something you are still exploring a fix for?

Many thanks,

Duncan.

Pau · November 22, 2021, 7:12pm

Hello @daf, thanks for bringing this to our attention.
I'll open the discussion with the team that's working on the Next kit and let you know what we conclude.

Thanks

Topic		Replies	Views
NextJS with X-Content-Type-Options header breaks previews Developing with Prismic nextjs	3	1344	December 9, 2021
Preview works on localhost, but not in production Developing with Prismic nextjs	1	853	June 27, 2022
Preview mode cookie missing from non-local environment Developing with Prismic nextjs , preview-cookies	5	257	March 28, 2024
Previews do not work with a built NextJS app Developing with Prismic nextjs	12	1940	June 21, 2023
“Slice Machine can't render your slice error” due to X-Frame-Options header in Next.js app Developing with Prismic nextjs , slice-machine	1	28	January 14, 2026

Security Header X-Content-Type-Options and Prismic Previews

Related topics